diff --git a/README.md b/README.md
index f2707c6..db5bb2a 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,49 @@
 # terraform-azurerm-keyvault-secrets
 Terraform module for Azure Key Vault Secrets
+
+Azure Key Vault is a cloud-based service provided by Microsoft Azure that enables you to securely store and manage cryptographic keys, secrets, and certificates.
+
+Using Azure Key Vault, you can protect your sensitive application data and maintain control over access to your data by storing it in a central location that's highly available, scalable, and durable. Key Vault is designed to simplify key management and streamline access to your cryptographic keys and secrets, which can be used by your applications and services in Azure or outside of Azure.
+
+This module creates:
+- Azure Key Vault Secrets
+
+This module WON'T create:
+- Azure Key Vault
+
+
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.3.1 |
+| [azurerm](#requirement\_azurerm) | >=3.65 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [azurerm](#provider\_azurerm) | >=3.65 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [azurerm_key_vault_secret.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/key_vault_secret) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [key\_vault\_id](#input\_key\_vault\_id) | (Required) The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created. | `string` | n/a | yes |
+| [secrets](#input\_secrets) | (Required) A list of Key Vault Secrets to create. |
list(object({| n/a | yes |
+
+## Outputs
+
+No outputs.
+
\ No newline at end of file
diff --git a/examples/complete/README.md b/examples/complete/README.md
new file mode 100644
index 0000000..eacb986
--- /dev/null
+++ b/examples/complete/README.md
@@ -0,0 +1,3 @@
+# Azure Key Vault Secret Complete Example
+
+This example shows how to deploy a complete Azure Key Vault list of Secrets.
\ No newline at end of file
diff --git a/examples/complete/main.tf b/examples/complete/main.tf
new file mode 100644
index 0000000..d648bee
--- /dev/null
+++ b/examples/complete/main.tf
@@ -0,0 +1,50 @@
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "this" {
+ name = "rg-terraform-northeu-001"
+ location = "northeurope"
+}
+
+module "key-vault" {
+ source = "Retoxx-dev/keyvault/azurerm"
+ version = "1.0.0"
+
+ name = "kv-terraform-northeu-001"
+ resource_group_name = azurerm_resource_group.this.name
+ location = azurerm_resource_group.this.location
+
+ sku_name = "standard"
+
+ public_network_access_enabled = false
+
+ self_service_principal_id = "00000000-0000-0000-0000-000000000000"
+
+ network_acls = {
+ bypass = "AzureServices"
+ default_action = "Deny"
+ ip_rules = ["IP1"]
+ virtual_network_subnet_ids = []
+ }
+}
+
+module "key-vault-secrets" {
+ source = "Retoxx-dev/keyvault-secrets/azurerm"
+ version = "1.0.0"
+
+ key_vault_id = module.key-vault.id
+
+ secrets = [
+ {
+ name = "Ultra Secret"
+ },
+ {
+ name = "Super Secret"
+ content_type = "text/plain"
+ tags = {
+ "Environment" = "Dev"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..14cc916
--- /dev/null
+++ b/main.tf
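Review bot: The secret names in the `secrets` list, `name = "Ultra Secret"` and `name = "Super Secret"`, contain spaces, and Key Vault secret names are limited to alphanumerics and hyphens, so this example is expected to be rejected at plan or apply time; `name = "ultra-secret"` and `name = "super-secret"` would pass. `ip_rules = ["IP1"]` and the all-zero `self_service_principal_id` are evidently placeholders; a comment such as `# placeholder: replace with your client CIDR and the deploying principal's object ID` would make that explicit for anyone copying the example. Neither entry sets `value`, so with the module's defaults both secrets are created holding the one-space placeholder from variables.tf, which the example README does not mention.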
@@ -0,0 +1,22 @@
+#################################################################
+# KEY VAULT SECRETS
+#################################################################
+
+resource "azurerm_key_vault_secret" "this" {
+ for_each = { for secret in var.secrets : secret.name => secret }
+ name = each.value.name
+ value = each.value.value
+ content_type = each.value.content_type
+
+ key_vault_id = var.key_vault_id
+ not_before_date = each.value.not_before_date
+ expiration_date = each.value.expiration_date
+
+ tags = each.value.tags
+
+ lifecycle {
+ ignore_changes = [
+ value
+ ]
+ }
+}
\ No newline at end of file
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..3ee153c
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,20 @@
+#################################################################
+# KEY VAULT SECRETS
+#################################################################
+
+variable "key_vault_id" {
+ type = string
+ description = "(Required) The ID of the Key Vault where the Secret should be created. Changing this forces a new resource to be created."
+}
+
+variable "secrets" {
+ type = list(object({
+ name = string
+ value = optional(string, " ")
+ content_type = optional(string, null)
+ not_before_date = optional(string, null)
+ expiration_date = optional(string, null)
+ tags = optional(map(string), null)
+ }))
+ description = "(Required) A list of Key Vault Secrets to create."
+}
\ No newline at end of file
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..4a321d5
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3.1"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=3.65"
+ }
+ }
+}
\ No newline at end of file
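Review bot: `ignore_changes = [value]` in the lifecycle block means that after creation Terraform neither pushes a changed `value` from `var.secrets` nor detects or reverts an out-of-band change to the stored value, and nothing in the resource or the README says so; a caller who later sets `value` for an existing secret gets no diff and no error. Together with the one-space default for `value` in variables.tf (same commit), the intended workflow appears to be "create a placeholder, then set and rotate the real value outside Terraform" — if so, a comment on the block should state it, e.g. `# value is set and rotated outside Terraform after creation; drift in value is intentionally not reconciled`, and if values are instead meant to be managed here the ignore_changes should be dropped. `not_before_date` and `expiration_date` are passed through as null by default, so secrets created through this module have no expiry unless the caller sets one; worth a comment on those two lines so that is a conscious choice per secret.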
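Review bot: `variable "secrets"` accepts `name` without validation, so a name that Key Vault does not allow (only alphanumerics and hyphens, as with `"Ultra Secret"` in the example) is only rejected later by the provider, and the description does not tell callers that `value` defaults to a one-space placeholder `" "` or that main.tf ignores later changes to it. A `validation` block would fail fast with a clear message, and the description should spell out the placeholder behaviour; both are proposed below. Marking the variable `sensitive = true` would hide values in plan output but, as far as I can tell, a sensitive list cannot feed the `for_each` in main.tf directly, so that would need the keys wrapped with `nonsensitive()` and is a separate decision.
```hcl
variable "secrets" {
  # … unchanged: type …
  description = "(Required) A list of Key Vault Secrets to create. 'value' defaults to a placeholder (\" \") and is expected to be set outside Terraform; changes to it after creation are ignored."

  validation {
    condition     = alltrue([for s in var.secrets : can(regex("^[0-9a-zA-Z-]{1,127}$", s.name))])
    error_message = "Each secret name must be 1-127 characters consisting of alphanumerics and hyphens."
  }
}
```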
name = string
value = optional(string, " ")
content_type = optional(string, null)
not_before_date = optional(string, null)
expiration_date = optional(string, null)
tags = optional(map(string), null)
}))